Blame SOURCES/openssl-1.0.1e-no-md5-verify.patch

2b5643
diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
2b5643
--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify	2013-02-11 16:26:04.000000000 +0100
2b5643
+++ openssl-1.0.1e/crypto/asn1/a_verify.c	2013-11-13 16:30:04.628791616 +0100
2b5643
@@ -56,6 +56,9 @@
2b5643
  * [including the GNU Public Licence.]
2b5643
  */
2b5643
 
2b5643
+/* for secure_getenv */
2b5643
+#define _GNU_SOURCE
2b5643
+
2b5643
 #include <stdio.h>
2b5643
 #include <time.h>
2b5643
 
2b5643
@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
2b5643
 			goto err;
2b5643
 		ret = -1;
2b5643
 		}
2b5643
+	else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
2b5643
+		{
2b5643
+		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
2b5643
+		goto err;
2b5643
+		}
2b5643
 	else
2b5643
 		{
2b5643
 		const EVP_MD *type;